azure: init nixos/maintainers/scripts/azure-new

author: Cole Mickens <cole.mickens@gmail.com> 2020-03-26 06:11:54 +0000
committer: Jon <jonringer@users.noreply.github.com> 2020-03-29 13:56:55 -0700
commit: 20f981de08d8bc407d0897c03b963f5aba6fda50 (patch)
tree: 7c28ce834a25f6443b7ff232c18d65133cd0a41f
parent: a5a6d77508dfd515e5f94ad92d2dfb9065e787c0 (diff)
download: nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar
nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.gz
nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.bz2
nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.lz
nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.xz
nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.zst
nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.zip
9 files changed, 195 insertions, 0 deletions
diff --git a/nixos/maintainers/scripts/azure-new/.gitignore b/nixos/maintainers/scripts/azure-new/.gitignore
new file mode 100644
index 00000000000..26905a86234
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/.gitignore
@@ -0,0 +1 @@
+azure
\ No newline at end of file
diff --git a/nixos/maintainers/scripts/azure-new/README.md b/nixos/maintainers/scripts/azure-new/README.md
new file mode 100644
index 00000000000..1bc8d8a2938
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/README.md
@@ -0,0 +1,30 @@
+# azure
+
+## Demo
+
+Here's a demo of this being used: https://asciinema.org/a/euXb9dIeUybE3VkstLWLbvhmp
+
+## Usage
+
+Build and upload the image
+```shell
+$ ./upload-image.sh ./examples/basic/image.nix
+
+...
++ attr=azbasic
++ nix-build ./examples/basic/image.nix --out-link azure
+/nix/store/qdpzknpskzw30vba92mb24xzll1dqsmd-azure-image
+...
+95.5 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total, 2-sec Throughput (Mb/s): 932.9565 
+...
+/subscriptions/aff271ee-e9be-4441-b9bb-42f5af4cbaeb/resourceGroups/nixos-images/providers/Microsoft.Compute/images/azure-image-todo-makethisbetter
+```
+
+Take the output, boot an Azure VM:
+
+```
+img="/subscriptions/.../..." # use output from last command
+./boot-vm.sh "${img}"
+...
+=> booted
+```
diff --git a/nixos/maintainers/scripts/azure-new/boot-vm.sh b/nixos/maintainers/scripts/azure-new/boot-vm.sh
new file mode 100755
index 00000000000..1ce3a5f9db1
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/boot-vm.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+set -x
+
+image="${1}"
+location="westus2"
+group="nixos-test-vm"
+vm_size="Standard_D2s_v3";  os_size=42;
+
+# ensure group
+az group create --location "westus2" --name "${group}"
+group_id="$(az group show --name "${group}" -o tsv --query "[id]")"
+
+# (optional) identity
+if ! az identity show -n "${group}-identity" -g "${group}" &>/dev/stderr; then
+  az identity create --name "${group}-identity" --resource-group "${group}"
+fi
+
+# (optional) role assignment, to the resource group, bad but not really great alternatives
+identity_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[id]")"
+principal_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[principalId]")"
+until az role assignment create --assignee "${principal_id}" --role "Owner" --scope "${group_id}"; do sleep 1; done
+
+# boot vm
+az vm create \
+  --name "${group}-vm" \
+  --resource-group "${group}" \
+  --assign-identity "${identity_id}" \
+  --size "${vm_size}" \
+  --os-disk-size-gb "${os_size}" \
+  --image "${image}" \
+  --admin-username "${USER}" \
+  --location "westus2" \
+  --storage-sku "Premium_LRS" \
+  --ssh-key-values "$(ssh-add -L)"
+
diff --git a/nixos/maintainers/scripts/azure-new/common.sh b/nixos/maintainers/scripts/azure-new/common.sh
new file mode 100644
index 00000000000..eb87c3e0650
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/common.sh
@@ -0,0 +1,7 @@
+export group="${AZURE_RESOURCE_GROUP:-"azure"}"
+export location="${AZURE_LOCATION:-"westus2"}"
+
+img_file=$(echo azure/*.vhd)
+img_name="$(basename "${img_file}")"
+img_name="${img_name%".vhd"}"
+export img_name="${img_name//[._]/-}"
diff --git a/nixos/maintainers/scripts/azure-new/examples/basic/image.nix b/nixos/maintainers/scripts/azure-new/examples/basic/image.nix
new file mode 100644
index 00000000000..74b12815158
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/examples/basic/image.nix
@@ -0,0 +1,10 @@
+let
+  pkgs = (import <nixpkgs> {});
+  machine = import "${pkgs.path}/nixos/lib/eval-config.nix" {
+    system = "x86_64-linux";
+    modules = [
+      ({config, ...}: { imports = [ ./system.nix ]; })
+    ];
+  };
+in
+  machine.config.system.build.azureImage
diff --git a/nixos/maintainers/scripts/azure-new/examples/basic/system.nix b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
new file mode 100644
index 00000000000..7e4d245d6cc
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
@@ -0,0 +1,42 @@
+{ pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    "${modulesPath}/virtualisation/azure-common.nix"
+    "${modulesPath}/virtualisation/azure-image.nix"
+  ];
+
+  ##### test user ######
+  users.extraGroups."cole".gid = 1000;
+    users.extraUsers."cole" = {
+      isNormalUser = true;
+      home = "/home/cole";
+      description = "Cole Mickens";
+      openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9YAN+P0umXeSP/Cgd5ZvoD5gpmkdcrOjmHdonvBbptbMUbI/Zm0WahBDK0jO5vfJ/C6A1ci4quMGCRh98LRoFKFRoWdwlGFcFYcLkuG/AbE8ObNLHUxAwqrdNfIV6z0+zYi3XwVjxrEqyJ/auZRZ4JDDBha2y6Wpru8v9yg41ogeKDPgHwKOf/CKX77gCVnvkXiG5ltcEZAamEitSS8Mv8Rg/JfsUUwULb6yYGh+H6RECKriUAl9M+V11SOfv8MAdkXlYRrcqqwuDAheKxNGHEoGLBk+Fm+orRChckW1QcP89x6ioxpjN9VbJV0JARF+GgHObvvV+dGHZZL1N3jr8WtpHeJWxHPdBgTupDIA5HeL0OCoxgSyyfJncMl8odCyUqE+lqXVz+oURGeRxnIbgJ07dNnX6rFWRgQKrmdV4lt1i1F5Uux9IooYs/42sKKMUQZuBLTN4UzipPQM/DyDO01F0pdcaPEcIO+tp2U6gVytjHhZqEeqAMaUbq7a6ucAuYzczGZvkApc85nIo9jjW+4cfKZqV8BQfJM1YnflhAAplIq6b4Tzayvw1DLXd2c5rae+GlVCsVgpmOFyT6bftSon/HfxwBE4wKFYF7fo7/j6UbAeXwLafDhX+S5zSNR6so1epYlwcMLshXqyJePJNhtsRhpGLd9M3UqyGDAFoOQ== (none)"];
+      #mkpasswd -m sha-512
+      hashedPassword = "$6$k.vT0coFt3$BbZN9jqp6Yw75v9H/wgFs9MZfd5Ycsfthzt3Jdw8G93YhaiFjkmpY5vCvJ.HYtw0PZOye6N9tBjNS698tM3i/1";
+      uid = 1000;
+      group = "cole";
+    };
+    nix.trustedUsers = [ "cole" ];
+  ##### test user ######
+
+  virtualisation.azureImage.diskSize = 2500;
+
+  system.stateVersion = "20.03";
+  networking.hostName = "azbuildworld";
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  #environment.noXlibs = true;
+  #documentation.enable = false;
+  #documentation.nixos.enable = false;
+
+  services.openssh.passwordAuthentication = false;
+  programs.mosh.enable = true;
+
+  security.sudo.wheelNeedsPassword = false;
+    
+  environment.systemPackages = with pkgs; [
+    git neovim jq file htop ripgrep cachix wget curl tmux zsh
+  ];
+}
diff --git a/nixos/maintainers/scripts/azure-new/shell.nix b/nixos/maintainers/scripts/azure-new/shell.nix
new file mode 100644
index 00000000000..592f1bf9056
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/shell.nix
@@ -0,0 +1,13 @@
+with (import ../../../../default.nix {});
+stdenv.mkDerivation {
+  name = "nixcfg-azure-devenv";
+
+  nativeBuildInputs = [
+    azure-cli
+    bash
+    cacert
+    azure-storage-azcopy
+  ];
+
+  AZURE_CONFIG_DIR="/tmp/azure-cli/.azure";
+}
diff --git a/nixos/maintainers/scripts/azure-new/upload-image.sh b/nixos/maintainers/scripts/azure-new/upload-image.sh
new file mode 100755
index 00000000000..4f3da6778e8
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/upload-image.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -euo pipefail
+set -x
+
+attr="${1:-"azbasic"}"
+
+nix-build ./examples/basic/image.nix --out-link "azure"
+
+group="nixos-images"
+location="westus2"
+img_name="azure-image-todo-makethisbetter" # TODO: clean this up
+img_file="$(readlink -f ./azure/disk.vhd)" # TODO: this doesn't feel great either
+
+if ! az group show -n "${group}" &>/dev/null; then
+  az group create --name "${group}" --location "${location}"
+fi
+
+if ! az disk show -g "${group}" -n "${img_name}" &>/dev/null; then
+  bytes="$(stat -c %s ${img_file})"
+  size="30"
+  az disk create \
+    --resource-group "${group}" \
+    --name "${img_name}" \
+    --for-upload true --upload-size-bytes "${bytes}"
+
+  timeout=$(( 60 * 60 )) # disk access token timeout
+  sasurl="$(\
+    az disk grant-access \
+      --access-level Write \
+      --resource-group "${group}" \
+      --name "${img_name}" \
+      --duration-in-seconds ${timeout} \
+        | jq -r '.accessSas'
+  )"
+
+  azcopy copy "${img_file}" "${sasurl}" \
+    --blob-type PageBlob 
+    
+  az disk revoke-access \
+    --resource-group "${group}" \
+    --name "${img_name}"
+fi
+
+if ! az image show -g "${group}" -n "${img_name}" &>/dev/null; then
+  diskid="$(az disk show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
+
+  az image create \
+    --resource-group "${group}" \
+    --name "${img_name}" \
+    --source "${diskid}" \
+    --os-type "linux" >/dev/null
+fi
+
+imageid="$(az image show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
+echo "${imageid}"
diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix
index 94c48b59a7d..21fd58e5c90 100644
--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@@ -21,6 +21,7 @@ in
       name = "azure-image";
       postVM = ''
         ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=fixed,force_size -O vpc $diskImage $out/disk.vhd
+        rm $diskImage
       '';
       configFile = ./azure-config-user.nix;
       format = "raw";
author	Cole Mickens <cole.mickens@gmail.com>	2020-03-26 06:11:54 +0000
committer	Jon <jonringer@users.noreply.github.com>	2020-03-29 13:56:55 -0700
commit	20f981de08d8bc407d0897c03b963f5aba6fda50 (patch)
tree	7c28ce834a25f6443b7ff232c18d65133cd0a41f
parent	a5a6d77508dfd515e5f94ad92d2dfb9065e787c0 (diff)
download	nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.gz nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.bz2 nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.lz nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.xz nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.tar.zst nixpkgs-20f981de08d8bc407d0897c03b963f5aba6fda50.zip